At 08:04 PM 7/21/2002 +0000, Chuck wrote: >""Howard C. Berkowitz"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > At 5:25 PM +0000 7/21/02, richard dumoulin wrote: > > >Well, I interpret it that you can ping the serial, no ? > > > > > > > I would assume that. It makes no sense for an ISP to use unnumbered > > interfaces, because it easily can use /30 or /31 private addresses. > > It could use a small part of its registered address space, which > > would let someone traceroute to the gateway. > > >CL: I have a question about that. Recently I was doing some work for a >government entity, with multiple sites statewide. I was doing some >traceroutes to ascertain paths and potential security issues. this >organization had contracted with a third party of internet services, who >also was contractually responsible for firewalls and other security devices >and procedures. In any case, I saw two interesting phenomena while doing my >testing. One was the presence of private IP numbers in some of the paths. >The other was the lack of anything from particular hops along the path. EG >the infamous * * * response, although the trace would continue and conclude >to the destination I wanted to reach. as all my work commenced from my >office across the public internet to the destination, this led me to >conclude that the presence of 1918 addresses does not necessary disallow the >successful completion of traces.
PV: 1918 certainly doesn't prevent the completion of traceroutes, but it does tend to break Path MTU Discovery which isn't ideal. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49389&t=49347 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]